From 222a77dfe754cb05cfcda3fe872f7bf2230b0bd9 Mon Sep 17 00:00:00 2001
From: Florian Ruynat <16313165+floryut@users.noreply.github.com>
Date: Thu, 21 Jan 2021 17:13:03 +0100
Subject: [PATCH] Change node-role.kubernetes.io from master to control-plane
 (#7183)

---
 inventory/sample/group_vars/k8s-cluster/addons.yml         | 4 ++++
 .../ansible/templates/coredns-deployment.yml.j2            | 6 ++++++
 roles/kubernetes-apps/ansible/templates/dashboard.yml.j2   | 4 ++++
 .../ansible/templates/dns-autoscaler.yml.j2                | 7 ++++++-
 .../oci/templates/oci-cloud-provider.yml.j2                | 7 +++++++
 .../templates/azure-csi-azuredisk-controller.yml.j2        | 4 ++--
 .../vsphere/templates/vsphere-csi-controller-ss.yml.j2     | 7 +++++++
 .../external-openstack-cloud-controller-manager-ds.yml.j2  | 6 ++++++
 .../external-vsphere-cloud-controller-manager-ds.yml.j2    | 6 ++++++
 .../ambassador/templates/cr-ambassador-installation.yml.j2 | 5 +++--
 roles/kubernetes-apps/metallb/templates/metallb.yml.j2     | 2 ++
 .../templates/metrics-server-deployment.yaml.j2            | 6 ++++++
 .../calico/templates/calico-kube-controllers.yml.j2        | 2 ++
 roles/kubernetes/master/tasks/kubeadm-setup.yml            | 2 +-
 roles/network_plugin/calico/templates/calico-typha.yml.j2  | 3 +++
 .../ovn4nfv/templates/ovn4nfv-k8s-plugin.yml.j2            | 3 +++
 16 files changed, 68 insertions(+), 6 deletions(-)

diff --git a/inventory/sample/group_vars/k8s-cluster/addons.yml b/inventory/sample/group_vars/k8s-cluster/addons.yml
index 5925a4d2c..32a86e4a5 100644
--- a/inventory/sample/group_vars/k8s-cluster/addons.yml
+++ b/inventory/sample/group_vars/k8s-cluster/addons.yml
@@ -94,6 +94,10 @@ ingress_publish_status_address: ""
 #     operator: "Equal"
 #     value: ""
 #     effect: "NoSchedule"
+#   - key: "node-role.kubernetes.io/control-plane"
+#     operator: "Equal"
+#     value: ""
+#     effect: "NoSchedule"
 # ingress_nginx_namespace: "ingress-nginx"
 # ingress_nginx_insecure_port: 80
 # ingress_nginx_secure_port: 443
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
index 6a7253422..d14dde08b 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
@@ -31,6 +31,8 @@ spec:
       tolerations:
         - key: node-role.kubernetes.io/master
           effect: NoSchedule
+        - key: node-role.kubernetes.io/control-plane
+          effect: NoSchedule
 {% if dns_extra_tolerations | default(None) %}
         {{ dns_extra_tolerations | list | to_nice_yaml(indent=2) | indent(8) }}
 {% endif %}
@@ -46,7 +48,11 @@ spec:
           - weight: 100
             preference:
               matchExpressions:
+{% if kube_version is version('v1.20.0', '<') %}
               - key: node-role.kubernetes.io/master
+{% else %}
+              - key: node-role.kubernetes.io/control-plane
+{% endif %}
                 operator: In
                 values:
                 - ""
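Review bot: The `v1.20.0` cutoff around the `matchExpressions` key has no comment saying why that version was chosen, and the same gate is repeated verbatim in dns-autoscaler.yml.j2 and metrics-server-deployment.yaml.j2. A Jinja comment above the `{% if %}`, for example `{# kubeadm adds the node-role.kubernetes.io/control-plane label starting with v1.20 #}`, would tell a later maintainer when the legacy branch can be removed. The affinity is only a preference, so a mismatch affects placement rather than schedulability. The enclosing `affinity` block starts and ends outside the hunk.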
diff --git a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
index ea8c27845..d75b2cd08 100644
--- a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
@@ -219,6 +219,8 @@ spec:
       tolerations:
         - key: node-role.kubernetes.io/master
           effect: NoSchedule
+        - key: node-role.kubernetes.io/control-plane
+          effect: NoSchedule
 {% endif %}
 
 ---
@@ -316,4 +318,6 @@ spec:
       tolerations:
         - key: node-role.kubernetes.io/master
           effect: NoSchedule
+        - key: node-role.kubernetes.io/control-plane
+          effect: NoSchedule
 {% endif %}
diff --git a/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2 b/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
index ead631e07..b49c41264 100644
--- a/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
@@ -40,8 +40,9 @@ spec:
         kubernetes.io/os: linux
       tolerations:
         - effect: NoSchedule
-          operator: Equal
           key: node-role.kubernetes.io/master
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/control-plane
       affinity:
         podAntiAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -54,7 +55,11 @@ spec:
           - weight: 100
             preference:
               matchExpressions:
+{% if kube_version is version('v1.20.0', '<') %}
               - key: node-role.kubernetes.io/master
+{% else %}
+              - key: node-role.kubernetes.io/control-plane
+{% endif %}
                 operator: In
                 values:
                 - ""
diff --git a/roles/kubernetes-apps/cloud_controller/oci/templates/oci-cloud-provider.yml.j2 b/roles/kubernetes-apps/cloud_controller/oci/templates/oci-cloud-provider.yml.j2
index 7ed87603c..071432401 100644
--- a/roles/kubernetes-apps/cloud_controller/oci/templates/oci-cloud-provider.yml.j2
+++ b/roles/kubernetes-apps/cloud_controller/oci/templates/oci-cloud-provider.yml.j2
@@ -36,7 +36,11 @@ spec:
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
       nodeSelector:
+{% if kube_version is version('v1.20.0', '<') %}
         node-role.kubernetes.io/master: ""
+{% else %}
+        node-role.kubernetes.io/control-plane: ""
+{% endif %}
       tolerations:
       - key: node.cloudprovider.kubernetes.io/uninitialized
         value: "true"
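Review bot: The `nodeSelector` switch is a hard scheduling requirement driven by the rendered `kube_version`, not by the labels the nodes actually carry. If a control-plane node does not yet have `node-role.kubernetes.io/control-plane` when this manifest is applied with a version of v1.20.0 or later (mid-upgrade, for example), the pod has nowhere to run; for a cloud controller manager that would presumably leave new nodes uninitialized. The same gate is used in vsphere-csi-controller-ss.yml.j2 and in both external cloud-controller-manager DaemonSet templates. A required node affinity with one term per label accepts either label without templating, assuming these specs do not already define an `affinity` block outside the hunk.

```yaml
      # replaces the templated nodeSelector; nodeSelectorTerms are ORed
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/master
                    operator: Exists
              - matchExpressions:
                  - key: node-role.kubernetes.io/control-plane
                    operator: Exists
      # … unchanged: tolerations …
```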
@@ -44,6 +48,9 @@ spec:
       - key: node-role.kubernetes.io/master
         operator: Exists
         effect: NoSchedule
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule
       volumes:
         - name: cfg
           secret:
diff --git a/roles/kubernetes-apps/csi_driver/azuredisk/templates/azure-csi-azuredisk-controller.yml.j2 b/roles/kubernetes-apps/csi_driver/azuredisk/templates/azure-csi-azuredisk-controller.yml.j2
index ab7a540f8..659c9b965 100644
--- a/roles/kubernetes-apps/csi_driver/azuredisk/templates/azure-csi-azuredisk-controller.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/azuredisk/templates/azure-csi-azuredisk-controller.yml.j2
@@ -21,8 +21,8 @@ spec:
       priorityClassName: system-cluster-critical
       tolerations:
         - key: "node-role.kubernetes.io/master"
-          operator: "Equal"
-          value: "true"
+          effect: "NoSchedule"
+        - key: "node-role.kubernetes.io/control-plane"
           effect: "NoSchedule"
       containers:
         - name: csi-provisioner
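Review bot: Dropping `operator` and `value` from the `master` toleration changes what it matches: the old entry tolerated only a taint with value `true`, while the new pair of entries falls back to the default `Equal` operator with an empty value. A node whose taint carries `true` (what the old entry expected) would no longer be tolerated by the controller. Sibling templates in this commit (oci-cloud-provider, vsphere-csi-controller-ss, calico-typha) spell out `operator: Exists`; adding `operator: "Exists"` to both entries here would match the key regardless of value and make the intent explicit.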
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-ss.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-ss.yml.j2
index 24651d90d..b762b496d 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-ss.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-ss.yml.j2
@@ -19,11 +19,18 @@ spec:
     spec:
       serviceAccountName: vsphere-csi-controller
       nodeSelector:
+{% if kube_version is version('v1.20.0', '<') %}
         node-role.kubernetes.io/master: ""
+{% else %}
+        node-role.kubernetes.io/control-plane: ""
+{% endif %}
       tolerations:
         - operator: "Exists"
           key: node-role.kubernetes.io/master
           effect: NoSchedule
+        - operator: "Exists"
+          key: node-role.kubernetes.io/control-plane
+          effect: NoSchedule
       dnsPolicy: "Default"
       containers:
         - name: csi-attacher
diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2
index 295ecee2d..c623fecce 100644
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2
@@ -24,7 +24,11 @@ spec:
         k8s-app: openstack-cloud-controller-manager
     spec:
       nodeSelector:
+{% if kube_version is version('v1.20.0', '<') %}
         node-role.kubernetes.io/master: ""
+{% else %}
+        node-role.kubernetes.io/control-plane: ""
+{% endif %}
       securityContext:
         runAsUser: 1001
       tolerations:
@@ -33,6 +37,8 @@ spec:
         effect: NoSchedule
       - key: node-role.kubernetes.io/master
         effect: NoSchedule
+      - key: node-role.kubernetes.io/control-plane
+        effect: NoSchedule
       serviceAccountName: cloud-controller-manager
       containers:
         - name: openstack-cloud-controller-manager
diff --git a/roles/kubernetes-apps/external_cloud_controller/vsphere/templates/external-vsphere-cloud-controller-manager-ds.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/vsphere/templates/external-vsphere-cloud-controller-manager-ds.yml.j2
index 8bd4e6410..dc1b7ffda 100644
--- a/roles/kubernetes-apps/external_cloud_controller/vsphere/templates/external-vsphere-cloud-controller-manager-ds.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/vsphere/templates/external-vsphere-cloud-controller-manager-ds.yml.j2
@@ -24,7 +24,11 @@ spec:
         k8s-app: vsphere-cloud-controller-manager
     spec:
       nodeSelector:
+{% if kube_version is version('v1.20.0', '<') %}
         node-role.kubernetes.io/master: ""
+{% else %}
+        node-role.kubernetes.io/control-plane: ""
+{% endif %}
       securityContext:
         runAsUser: 0
       tolerations:
@@ -33,6 +37,8 @@ spec:
         effect: NoSchedule
       - key: node-role.kubernetes.io/master
         effect: NoSchedule
+      - key: node-role.kubernetes.io/control-plane
+        effect: NoSchedule
       serviceAccountName: cloud-controller-manager
       containers:
         - name: vsphere-cloud-controller-manager
diff --git a/roles/kubernetes-apps/ingress_controller/ambassador/templates/cr-ambassador-installation.yml.j2 b/roles/kubernetes-apps/ingress_controller/ambassador/templates/cr-ambassador-installation.yml.j2
index d1a6fb216..8449cd5b8 100644
--- a/roles/kubernetes-apps/ingress_controller/ambassador/templates/cr-ambassador-installation.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ambassador/templates/cr-ambassador-installation.yml.j2
@@ -16,7 +16,8 @@ spec:
   helmValues:
     tolerations:
       - key: "node-role.kubernetes.io/master"
-        operator: Equal
+        effect: NoSchedule
+      - key: "node-role.kubernetes.io/control-plane"
         effect: NoSchedule
     deploymentTool: amb-oper-kubespray
 {% if ingress_ambassador_host_network %}
@@ -34,4 +35,4 @@ spec:
           port: 443
           hostPort: {{ ingress_ambassador_secure_port }}
           targetPort: 8443
-          protocol: TCP
\ No newline at end of file
+          protocol: TCP
diff --git a/roles/kubernetes-apps/metallb/templates/metallb.yml.j2 b/roles/kubernetes-apps/metallb/templates/metallb.yml.j2
index af4c0f215..392c02137 100644
--- a/roles/kubernetes-apps/metallb/templates/metallb.yml.j2
+++ b/roles/kubernetes-apps/metallb/templates/metallb.yml.j2
@@ -345,6 +345,8 @@ spec:
       tolerations:
       - effect: NoSchedule
         key: node-role.kubernetes.io/master
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/control-plane
 ---
 apiVersion: apps/v1
 kind: Deployment
diff --git a/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2 b/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
index d636d6ad9..746d7c352 100644
--- a/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
+++ b/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
@@ -126,6 +126,8 @@ spec:
       tolerations:
         - key: node-role.kubernetes.io/master
           effect: NoSchedule
+        - key: node-role.kubernetes.io/control-plane
+          effect: NoSchedule
 {% endif %}
       affinity:
         nodeAffinity:
@@ -133,7 +135,11 @@ spec:
           - weight: 100
             preference:
               matchExpressions:
+{% if kube_version is version('v1.20.0', '<') %}
               - key: node-role.kubernetes.io/master
+{% else %}
+              - key: node-role.kubernetes.io/control-plane
+{% endif %}
                 operator: In
                 values:
                 - ""
diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
index c1db6b685..f861d918d 100644
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
@@ -26,6 +26,8 @@ spec:
       tolerations:
         - key: node-role.kubernetes.io/master
           effect: NoSchedule
+        - key: node-role.kubernetes.io/control-plane
+          effect: NoSchedule
       priorityClassName: system-cluster-critical
       containers:
         - name: calico-kube-controllers
diff --git a/roles/kubernetes/master/tasks/kubeadm-setup.yml b/roles/kubernetes/master/tasks/kubeadm-setup.yml
index 43655a30d..1cef72396 100644
--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
@@ -226,7 +226,7 @@
 
 # FIXME(mattymo): from docs: If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file.
 - name: kubeadm | Remove taint for master with node role
-  command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} node-role.kubernetes.io/master:NoSchedule-"
+  command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} node-role.kubernetes.io/master:NoSchedule- node-role.kubernetes.io/control-plane:NoSchedule-"
   delegate_to: "{{ groups['kube-master'] | first }}"
   when: inventory_hostname in groups['kube-node']
   failed_when: false
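Review bot: Passing both removals to a single `kubectl taint` call couples them: as far as I know kubectl rejects the whole request with a `not found` error when any taint marked for removal is absent from the node, so on a node carrying only the `master` taint nothing would be removed. Because the task sets `failed_when: false`, that error would be swallowed and the node would stay tainted with no signal in the play output. Running the removal once per key keeps the two independent; the existing `delegate_to`, `when` and `failed_when` lines can stay as they are.

```yaml
- name: kubeadm | Remove taint for master with node role
  command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} {{ item }}"
  loop:
    - "node-role.kubernetes.io/master:NoSchedule-"
    - "node-role.kubernetes.io/control-plane:NoSchedule-"
  # … unchanged: delegate_to, when, failed_when …
```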
diff --git a/roles/network_plugin/calico/templates/calico-typha.yml.j2 b/roles/network_plugin/calico/templates/calico-typha.yml.j2
index c23e93d46..143a1711e 100644
--- a/roles/network_plugin/calico/templates/calico-typha.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-typha.yml.j2
@@ -54,6 +54,9 @@ spec:
         - key: node-role.kubernetes.io/master
           operator: Exists
           effect: NoSchedule
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: NoSchedule
       # Since Calico can't network a pod until Typha is up, we need to run Typha itself
       # as a host-networked pod.
       serviceAccountName: calico-node
diff --git a/roles/network_plugin/ovn4nfv/templates/ovn4nfv-k8s-plugin.yml.j2 b/roles/network_plugin/ovn4nfv/templates/ovn4nfv-k8s-plugin.yml.j2
index 127115276..5e76f8e6a 100644
--- a/roles/network_plugin/ovn4nfv/templates/ovn4nfv-k8s-plugin.yml.j2
+++ b/roles/network_plugin/ovn4nfv/templates/ovn4nfv-k8s-plugin.yml.j2
@@ -414,6 +414,9 @@ spec:
        - key: "node-role.kubernetes.io/master"
          effect: "NoSchedule"
          operator: "Exists"
+       - key: "node-role.kubernetes.io/control-plane"
+         effect: "NoSchedule"
+         operator: "Exists"
       serviceAccountName: k8s-nfn-sa
       containers:
         - name: nfn-operator
-- 
GitLab